A company is sometimes required to apply compliance controls to emails, financial information, product information, or other company assets, for example as part of a lawsuit. These assets are often stored and managed on different types of systems that operate independently. For example, financial information and emails may be stored on different systems and managed by different software applications or processes. One approach is to apply controls to each system individually. For example, each system implements its own set of compliance functions that manages the data stored on that particular system. However, this approach lacks scalability and/or centralization which in some cases it an unattractive solution. For example, every time a new system is deployed that requires compliance controls, new compliance functionality needs to be implemented on that system which may be expensive.
Alternatively, in a federated records management system, a single system enforces compliance controls across some or all systems of an entire enterprise. For example, a proxy object is created on a records management master system. The proxy object points to or references a piece of content or other data stored on an external or remote system. There may be a requirement that such a piece of content or other data, sometimes referred to herein as a “stored object” or “stored content item”, be retained and that it not be changed. For example, the stored object may be an email that needs to remain untouched for discovery during litigation. In some cases, a piece of content or data being protected is under the management or control of another (e.g., legacy) system or process for protecting or backing up data. This may, for example, allow a user to use a federated records management system without having to migrate information or systems. However, it may be difficult or impossible to prevent local systems or processes on an external system from changing or deleting the content or other information being protected on that system.